Search Exploit

Oracle Outside In 8.5.3 Denial Of Service

Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause a out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing "Body" element of HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.

Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

1) An error in the vsxl5.dll when processing GelFrame objects can beexploited to cause a out-of-bounds read memory access.

2) An integer underflow error in the vsxl5.dll can be exploited tocause an out-of-bounds read memory access.

3) An error when processing "Body" element of HTML file can beexploited to cause a null pointer dereference.

4) An error within the "readChartStyles()" function (vswk6.dll)can be exploited to cause a null pointer dereference.

5) An error in the vswk6.dll can be exploited to cause anout-of-bounds read memory access.

6) An error within the "readChartStyles()" function (vswk6.dll)can be exploited to trigger an infinite loop.

7) An error within the vswk6.dll can be exploited to discloseuninitialized memory or cause a crash.

8) Another error within the vswk6.dll can be exploited todisclose uninitialized memory or cause a crash.

9) Another error within the vswk6.dll can be exploited todisclose uninitialized memory or cause a crash.

10) Another error within the vswk6.dll can be exploited todisclose uninitialized memory or cause a crash.

The vulnerabilities are confirmed in version 8.5.3. Other versions mayalso be affected.

Flexera supports and contributes to the community in severalways. We have always believed that reliable vulnerabilityintelligence and tools to aid identifying and fixing vulnerabilitiesshould be freely available for consumers to ensure that users,who care about their online privacy and security, can stay secure.Only a few vendors address vulnerabilities in a proper way and helpusers get updated and stay secure. End-users (whether privateindividuals or businesses) are otherwise left largely alone, andthat is why back in 2002, Secunia Research started investigating,coordinating disclosure and verifying software vulnerabilities.In 2016, Secunia Research became a part of Flexera and todayour in-house software vulnerability research remains the core ofthe Software Vulnerability Management products at Flexera.

https://www.flexera.com/enterprise/company/about/secunia-research/

The public Secunia Advisory database contains information forresearchers, security enthusiasts, and consumers to lookup individualproducts and vulnerabilities and assess, whether they need to takeany actions to secure their systems or whether a given vulnerabilityhas already been discovered.

Apache OpenWhisk is prone to a remote code-execution vulnerability.An attacker may exploit this issue to inject and execute arbitrary code within the context of the affected application; this may aid in further attacks.Versions prior to Apache OpenWhisk 1.3.1 are vulnerable.